Wednesday, September 14, 2016

…Liability for
data breaches that affect customers leads directly to the C-suite. Executives need to personally know how strong
their company’s cyber defenses are, as well as the expected responses for
attacks or breaches. But according to
the survey, 40% admitted that they lacked a clear understanding of the
cybersecurity protocols within their organizations. This should be an urgent wake-up call to
executives that cybersecurity needs to be taken seriously throughout the
organization.

Something for my IT Governance students to debate. When Cyber War comes, you need to know what
your Cyber Weapons can do. Should you
have extra Cyber Defenses on hand, ready to install?

Over the past year or two, someone has been probing the
defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely
calibrated attacks designed to determine exactly how well these companies can
defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels
like a large nation state. China and Russia would be my first guesses.

…What can we do
about this? Nothing, really. We don't know where the attacks come from. The data I see suggests China, an assessment
shared by the people I spoke with. On
the other hand, it's possible to disguise the country of origin for these sorts
of attacks. The NSA, which has more
surveillance in the Internet backbone than everyone else combined, probably has
a better idea, but unless the U.S. decides
to make an international incident over this, we won't see any attribution.

But this is happening. And people should know.

(Related) If we assume that politicians are not the only
ones looking for backdoors, who might want this information and what could they
do with it?

A yawning back-end pathway into
the state’s voter registration database, through which private information
could have been accessed, has been closed, thanks to the candidate challenging
Secretary of State Kim Wyman.

“Anyone with basic programming
skills and knowledge about these weaknesses could conceivably (access) this
data, look up and harvest private data from millions of Washingtonians,” Tina
Podlodowski wrote Wednesday to the state’s chief information security officer (CISO).

The information accessible via
the back-end pathway included voters’ personal cell phone numbers, personal
email addresses, ballot delivery types, and the coding used to message military
and overseas voters.

U.S. Healthwork has notified HHS and 1400 patients after a
laptop with protected health information was stolen from an employee. Although the laptop was encrypted, the
password was stolen with the laptop.

…Last summer, as
the FBI was beginning what would become a yearlong investigation into the
private server Clinton used while secretary of State, a Connecticut company in
charge of backing up her server sent a warning to Platte River Networks, the Colorado-based firm that
had managed her primary machine since 2013.

“[W]e have some concerns relative to data security,” the
Connecticut storage firm, Datto, told Platte River Networks in an
August 2015 email.

“Platte has
not enabled encryption at the local device. Given the sensitive, high-profile nature of
the data which is alleged in press reports to potentially reside on the Datto
device, it may be the target of cyber attack from a multitude of highly
sophisticated and capable entities or individuals,” it added. “We believe such an event could place the
unencrypted data itself at risk, as well as expose both Datto and Platte River
systems to collateral damage.”

Consumer protection officials have issued a warning about
card skimmers that have shown up at gas pumps across Wisconsin.

Thieves that have attached the skimmers at the pumps are
stealing credit or debit card information. The Department of Agriculture, Trade and
Consumer Protection says state investigators found at least 15 skimmers during
inspections of gas pumps over the past five weeks.

Four media companies agreed to an $835,000 settlement for
knowingly tracking children online, which is illegal in the United States.

Viacom, Mattel, Hasbro, and JumpStart Games all settled
with New York Attorney General Eric T. Schneiderman today, after an
investigation called “Operation Child Tracker”. Schneiderman, in a statement:

Operation Child Tracker revealed
that some of our nation’s biggest companies failed to protect kids’ privacy and
shield them from illegal online tracking.

…McCain queried
Rogers about a Wall Street Journal report in May that Twitter had blocked intelligence
agencies from using Dataminr, which uses algorithms and location
tools to reveal patterns among tweets.

The veteran senator said the report indicated that
Dataminr had alerted its clients minutes before this year's Brussels attacks
and at the time the November Paris attacks began to unfold.

"So we have a situation where we have the ability to
detect terror attacks... Yet in order
for us to anticipate these attacks we have to have certain information, and
Twitter is refusing to allow them to have certain information which literally
could prevent attacks?" the senator who heads the Armed Services Committee
asked.

Rogers replied: "Yes sir, and at the same time
(Twitter is) still willing to provide that information to others for business,
for sale, for revenue."

Alibaba’s payments arm, Ant Financial, has acquired
EyeVerify, a maker of optical recognition technology used by Wells
Fargo along with dozens of regional banks and credit unions across the
country.

Bloomberg
reported the purchase price as around $70 million, but a person close to
EyeVerify says this is incorrect and that the actual amount was $100 million,
and that it was an all-cash transaction.

New York Gov. Andrew Cuomo and
the state’s top banking regulator proposed regulations Tuesday that would be
among the first in the U.S. to require banks to establish cybersecurity
programs.

If implemented, the regulations would increase the onus on
some of the world’s largest banks to invest in cyber protections that could
cost them and insurers millions of dollars, according to experts. Banks would be required to hire a chief
information security officer and implement measures that detect and deter cyber
intrusions and protect consumer data.

…In an interview with Network World Senior Editor Brandon
Butler and IDG Chief Content Officer John Gallant, LeBlanc talked about how IBM
is tailoring its cloud services to specific vertical industries and what Big
Blue is doing to enhance its Platform- and Infrastructure-as-a-Service
capabilities. He also discussed why
partnerships with companies ranging from VMware, Box, SAP and Workday are
strengthening IBM’s cloud play.

(Related) Because some new
hardware is going to be connected to Cloud services by default. Like this one.

Managing a police department is a tough job, and the legitimacy crisis currently facing American policing
has made it even tougher. Today’s police
managers — from chiefs and sheriffs to sergeants and watch commanders —
risk losing officer morale and productivity in the form of de-policing (withdrawing from their duties), and are
beginning to witness recruitment and retention problems.

Even if it’s “not quite a war,” listening to the war
fighters makes sense.

The agreement that Secretary of State John Kerry announced with Russia to
reduce the killing in Syria has widened an increasingly public divide between
Mr. Kerry and Defense Secretary Ashton B. Carter, who has deep reservations
about the plan for American and Russian forces to jointly target terrorist
groups.

About Me

I live in Centennial, Colorado. (I'm not actually 100 years old, but I hope to be some day.) I'm an independent computer consultant, specializing in solving problems that traditional IT personnel tend to have difficulty with... That includes everything from inventorying hardware & software, to converting systems & data, to training end-users. I particularly enjoy taking on projects that IT has attempted several times before with no success. I also teach at two local Universities: everything from Introduction to Microcomputers through Business Continuity and Security Management. My background includes IT Audit, Computer Security, and a variety of unique IT projects.